Skip to main content

security - List of dangerous functions


I no longer believe it is a good idea to work with a list of dangerous functions. I have tried to edit the question is such a way that it respects my earlier perspective, but also so that it does not give users the impression that certain things are safe whereas they are not.


Introduction


Running Mathematica code from an untrusted source is very dangerous. Luckily, Mathematica warns you about dynamic content, so that it is probably safe to open any notebook, as long as you don't run it.


I feel it would be very nice to have a list of functions that can harm a system. Using this, we may be able to make a function that checks if a notebook is safe.


A function to find dangerous functions


A naive function to see if dangerous expressions are present in a NotebookObject, could be the following.


Through[{Unprotect, ClearAll}[dangerousFunctionsQ]]

dangerousFunctionsQ[nb_] := ! 

   FreeQ[ToExpression[Unevaluated[#], StandardForm, 
       HoldComplete] & /@ (NotebookRead@Cells[nb])[[All, 1]], 
    Alternatives @@ listOfDangerousFunctions];

Protect[dangerousFunctionsQ];

Where listOfDangerousFunctions is given. Unfortunately, this code does not guarantee safety, even we know the full list of dangerous functions.


Furthermore, getting the NotebookObject is a bit tricky. We could simply open the notebook and use Notebooks, but opening the notebook doesn't sound too safe. Also making an automated approach based on this is inelegant. Note however, that using the obvious alternative, which is to use Import (with one argument) on the notebook file turns out not to be safe.


The question is: Which built-in functions are dangerous (especially just by themselves)?


Related



In a CDF can I suppress or avoid “This file contains potentially unsafe dynamic content…”



Answer



Honestly, Mathematica is so flexible and has so many undocumented functions tucked away in nooks that I think it would be better to create a white-list of safe functions than to try to list all potentially dangerous ones.


Better still would be to simply run Mathematica on a virtual machine or in an instance of Sandboxie where no damage is permanent (excepting privacy issues if network access is not blocked).


Comments

Post a Comment

Popular posts from this blog

plotting - Filling between two spheres in SphericalPlot3D

Manipulate[ SphericalPlot3D[{1, 2 - n}, {θ, 0, Pi}, {ϕ, 0, 1.5 Pi}, Mesh -> None, PlotPoints -> 15, PlotRange -> {-2.2, 2.2}], {n, 0, 1}] I cant' seem to be able to make a filling between two spheres. I've already tried the obvious Filling -> {1 -> {2}} but Mathematica doesn't seem to like that option. Is there any easy way around this or ... Answer There is no built-in filling in SphericalPlot3D . One option is to use ParametricPlot3D to draw the surfaces between the two shells: Manipulate[ Show[SphericalPlot3D[{1, 2 - n}, {θ, 0, Pi}, {ϕ, 0, 1.5 Pi}, PlotPoints -> 15, PlotRange -> {-2.2, 2.2}], ParametricPlot3D[{ r {Sin[t] Cos[1.5 Pi], Sin[t] Sin[1.5 Pi], Cos[t]}, r {Sin[t] Cos[0 Pi], Sin[t] Sin[0 Pi], Cos[t]}}, {r, 1, 2 - n}, {t, 0, Pi}, PlotStyle -> Yellow, Mesh -> {2, 15}]], {n, 0, 1}]
Post a Comment
Read more

plotting - Plot 4D data with color as 4th dimension

I have a list of 4D data (x position, y position, amplitude, wavelength). I want to plot x, y, and amplitude on a 3D plot and have the color of the points correspond to the wavelength. I have seen many examples using functions to define color but my wavelength cannot be expressed by an analytic function. Is there a simple way to do this? Answer Here a another possible way to visualize 4D data: data = Flatten[Table[{x, y, x^2 + y^2, Sin[x - y]}, {x, -Pi, Pi,Pi/10}, {y,-Pi,Pi, Pi/10}], 1]; You can use the function Point along with VertexColors . Now the points are places using the first three elements and the color is determined by the fourth. In this case I used Hue, but you can use whatever you prefer. Graphics3D[ Point[data[[All, 1 ;; 3]], VertexColors -> Hue /@ data[[All, 4]]], Axes -> True, BoxRatios -> {1, 1, 1/GoldenRatio}]
Post a Comment
Read more

plotting - Mathematica: 3D plot based on combined 2D graphs

I have several sigmoidal fits to 3 different datasets, with mean fit predictions plus the 95% confidence limits (not symmetrical around the mean) and the actual data. I would now like to show these different 2D plots projected in 3D as in but then using proper perspective. In the link here they give some solutions to combine the plots using isometric perspective, but I would like to use proper 3 point perspective. Any thoughts? Also any way to show the mean points per time point for each series plus or minus the standard error on the mean would be cool too, either using points+vertical bars, or using spheres plus tubes. Below are some test data and the fit function I am using. Note that I am working on a logit(proportion) scale and that the final vertical scale is Log10(percentage). (* some test data *) data = Table[Null, {i, 4}]; data[[1]] = {{1, -5.8}, {2, -5.4}, {3, -0.8}, {4, -0.2}, {5, 4.6}, {1, -6.4}, {2, -5.6}, {3, -0.7}, {4, 0.04}, {5, 1.0}, {1, -6.8}, {2, -4.7}, {3, -1.
Post a Comment
Read more